1
0
mirror of https://github.com/fafhrd91/actix-net synced 2024-11-27 16:52:58 +01:00
actix-net/actix-tls/tests/accept-openssl.rs

154 lines
4.7 KiB
Rust
Raw Permalink Normal View History

//! Use Rustls connector to test OpenSSL acceptor.
#![cfg(all(
feature = "accept",
feature = "connect",
feature = "rustls-0_23",
feature = "openssl"
))]
2023-12-06 05:04:39 +01:00
use std::{io::Write as _, sync::Arc};
use actix_rt::net::TcpStream;
use actix_server::TestServer;
use actix_service::ServiceFactoryExt as _;
2024-02-03 18:01:47 +01:00
use actix_tls::{
accept::openssl::{Acceptor, TlsStream},
connect::rustls_0_23::reexports::ClientConfig,
2024-02-03 18:01:47 +01:00
};
use actix_utils::future::ok;
2023-12-06 05:04:39 +01:00
use rustls_pki_types_1::ServerName;
use tokio_rustls_026::rustls::RootCertStore;
fn new_cert_and_key() -> (String, String) {
let rcgen::CertifiedKey { cert, key_pair } =
2023-07-17 04:05:39 +02:00
rcgen::generate_simple_self_signed(vec!["127.0.0.1".to_owned(), "localhost".to_owned()])
.unwrap();
let key = key_pair.serialize_pem();
let cert = cert.pem();
(cert, key)
}
fn openssl_acceptor(cert: String, key: String) -> tls_openssl::ssl::SslAcceptor {
use tls_openssl::{
pkey::PKey,
ssl::{SslAcceptor, SslMethod},
x509::X509,
};
let cert = X509::from_pem(cert.as_bytes()).unwrap();
let key = PKey::private_key_from_pem(key.as_bytes()).unwrap();
let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
builder.set_certificate(&cert).unwrap();
builder.set_private_key(&key).unwrap();
builder.set_alpn_select_callback(|_, _protocols| Ok(b"http/1.1"));
builder.set_alpn_protos(b"\x08http/1.1").unwrap();
builder.build()
}
mod danger {
2024-02-03 18:01:47 +01:00
use rustls_pki_types_1::{CertificateDer, ServerName, UnixTime};
use tokio_rustls_026::rustls;
2022-04-10 03:48:53 +02:00
2024-02-03 18:01:47 +01:00
/// Disables certificate verification to allow self-signed certs from rcgen.
2023-12-06 05:04:39 +01:00
#[derive(Debug)]
pub struct NoCertificateVerification;
2023-12-06 05:04:39 +01:00
impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
fn verify_server_cert(
&self,
2024-02-03 18:01:47 +01:00
_end_entity: &CertificateDer<'_>,
_intermediates: &[CertificateDer<'_>],
_server_name: &ServerName<'_>,
_ocsp: &[u8],
2024-02-03 18:01:47 +01:00
_now: UnixTime,
2023-12-06 05:04:39 +01:00
) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
Ok(rustls::client::danger::ServerCertVerified::assertion())
}
fn verify_tls12_signature(
&self,
2024-02-03 18:01:47 +01:00
_message: &[u8],
_cert: &rustls_pki_types_1::CertificateDer<'_>,
_dss: &rustls::DigitallySignedStruct,
2023-12-06 05:04:39 +01:00
) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
}
fn verify_tls13_signature(
&self,
2024-02-03 18:01:47 +01:00
_message: &[u8],
_cert: &rustls_pki_types_1::CertificateDer<'_>,
_dss: &rustls::DigitallySignedStruct,
2023-12-06 05:04:39 +01:00
) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
}
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
rustls::crypto::aws_lc_rs::default_provider()
2023-12-06 05:04:39 +01:00
.signature_verification_algorithms
.supported_schemes()
}
}
}
#[allow(dead_code)]
fn rustls_connector(_cert: String, _key: String) -> ClientConfig {
let mut config = ClientConfig::builder()
.with_root_certificates(RootCertStore::empty())
.with_no_client_auth();
config
.dangerous()
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
config.alpn_protocols = vec![b"http/1.1".to_vec()];
config
}
#[actix_rt::test]
async fn accepts_connections() {
tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
let (cert, key) = new_cert_and_key();
2021-12-27 19:27:54 +01:00
let srv = TestServer::start({
let cert = cert.clone();
let key = key.clone();
move || {
let openssl_acceptor = openssl_acceptor(cert.clone(), key.clone());
let tls_acceptor = Acceptor::new(openssl_acceptor);
tls_acceptor
.map_err(|err| println!("OpenSSL error: {:?}", err))
.and_then(move |_stream: TlsStream<TcpStream>| ok(()))
}
});
let mut sock = srv
.connect()
.expect("cannot connect to test server")
.into_std()
.unwrap();
sock.set_nonblocking(false).unwrap();
let config = rustls_connector(cert, key);
let config = Arc::new(config);
let mut conn = tokio_rustls_026::rustls::ClientConnection::new(
config,
ServerName::try_from("localhost").unwrap(),
)
.unwrap();
let mut stream = tokio_rustls_026::rustls::Stream::new(&mut conn, &mut sock);
stream.flush().expect("TLS handshake failed");
}